164 matches found
[SECURITY] [DSA 1398-1] New perdition packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1398-1 [email protected] http://www.debian.org/security/ Noah Meyerhans November 05, 2007 http://www.debian.org/security/faq -...
GLSA-200710-29 : Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200710-29 (Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code). Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error function in file src/inc.c. Impact: A remote attacker could...
Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
Background: Sylpheed and Claws Mail are two GTK based e-mail clients. Description: Ulf Harnhammar from Secunia Research discovered a format string error in the inc_put_error function in file src/inc.c. Impact: A remote attacker could entice a user to connect to a malicious POP server sending specially...
vim -- Command Format String Vulnerability
A Secunia Advisory reports: A format string error in the "helptags_one" function in src/ex_cmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files...
GLSA-200706-02 : Evolution: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200706-02 (Evolution: User-assisted execution of arbitrary code). Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html function in the file calendar/gui/e-cal-component-memo-preview.c. Impact: A...
Evolution: User-assisted execution of arbitrary code
Background: Evolution is the mail client of the GNOME desktop environment. Description: Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html function in the file calendar/gui/e-cal-component-memo-preview.c. Impact: A remote attacker could entice a user to open a...
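QK SMTP Remote Stack Overflow Vulnerability
QK SMTP Server is an SMTP (Simple Mail Transfer Protocol) server program. QK SMTP Server has a buffer overflow vulnerability in its handling of user command arguments, which a remote attacker may exploit to execute arbitrary commands on the server. QK SMTP Server has a stack overflow in its handling of the argument passed to the "RCPT TO:" command; a remote attacker can cause arbitrary command execution by sending an overlong argument to the server. QKSoft QK SMTP 3.1.0 Beta QKSoft QK SMTP 3.0.1 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.qksoft.com/ /...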
QK SMTP <= 3.01 (RCPT TO) Remote Denial of Service Exploit
No description provided by source. / ============================================================= 0-day RCPT TO DoS Exploit for QK SMTP version 3.01 and lower. ============================================================= Exploit affects a format string error in the RCPT TO command in which the...
QK SMTP 3.01 - RCPT TO Remote Denial of Service
QK SMTP 3.01 - RCPT TO Remote Denial of Service / ============================================================= 0-day RCPT TO DoS Exploit for QK SMTP version 3.01 and lower. ============================================================= Exploit affects a format string error in the RCPT TO command ...
Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
Apache did not honour the 'SSLVerifyClient require' directive within a block if the surrounding block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. CAN-2005-2700 Filip Sneppe discovered a...
[SECURITY] [DSA 749-1] New ettercap packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA 749-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SA15473] Iron Bars SHell Format String Vulnerability
---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
[SA14879] Lotus Notes/Domino Multiple Vulnerabilities
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Lotus Notes/Domino Multiple Vulnerabilities SECUNIA...
SuSE-SA:2003:048: gpg
The remote host is missing the patch for the advisory SuSE-SA:2003:048 (gpg). The gnupg (the SUSE package is named gpg) package is the most widely used software for cryptographic encryption/decryption of data. Two independent errors have been found in gpg (GnuPG) packages as shipped with SUSE products:...
Half-Life 1.1 Client - Server Message Format String
// source: https://www.securityfocus.com/bid/6582/info // It has been reported that the Half-Life client contains a format string vulnerability. When receiving messages from an administrator through the adminmod add-on package, the client does not properly handle input. This could result in denia...
Multiple holes in ntop (multiple bugs)
When started with the -w switch, ntop runs as an HTTP server, and directory traversal then allows access to any file. In addition, a long GET request causes a buffer overflow, and there is a format string error...
Format string error in the Unixware message catalog functions (format string)
Format string error in almost all suid applications...
Buffer overflow in sastcpd (buffer overflow)
buffer overflow, format string error, use of user variables to launch external applications...